eNSP综合实验(DNCP、NAT、TELET、HTTP、DNS)
1搭建实验拓扑
2实验目的
学习掌握eNSP中的命令
3实验步骤
3.1配置连接PC和客户端的交换机(仅以右侧为例)
[Huawei]vlan batch 10 20 #创建vlan
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]un in en
[Huawei]interface e0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 10
[Huawei-Ethernet0/0/2]quit
[Huawei]
[Huawei]interface e0/0/1
[Huawei-Ethernet0/0/1]port link-type trunk
[Huawei-Ethernet0/0/1]port trunk allow-pass vlan all
[Huawei]interface e0/0/3
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/3]port default vlan 203.2配置核心三层交换机
核心三层交换机:
(1)打开中继服务配置DHCP的中继*
(2)各接口连接的设备不同,对应接口模式改变*
(3)在三层交换机上配置默认路由向公网方向*
(4)创建vlan*
(5)配置vlan的网关*
#创建vlan
[Huawei]vlan batch 10 20 8 100 200
#设置端口的模式
[Huawei]port-group group-member g0/0/1 g0/0/2 g0/0/3
[Huawei-port-group]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-port-group]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[Huawei-port-group]quit
[Huawei]interface g0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type trunk
[Huawei-GigabitEthernet0/0/4]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/4]quit[Huawei]interface vlan 10
[Huawei-Vlanif10]ip address 192.168.10.1 255.255.255.0
[Huawei-Vlanif10]quit
[Huawei]interface vlan 20
[Huawei-Vlanif20]ip address 192.168.20.1 255.255.255.0
[Huawei-Vlanif20]quit
[Huawei]interface vlan 8
[Huawei-Vlanif8]ip address 192.168.8.1 255.255.255.0
[Huawei-Vlanif8]quit
[Huawei]interface vlan 100
[Huawei-Vlanif100]ip address 192.168.100.1 255.255.255.0
[Huawei-Vlanif100]quit
[Huawei]interface vlan 200
[Huawei-Vlanif200]ip address 192.168.200.1 255.255.255.0
[Huawei-Vlanif200]quit[Huawei]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[Huawei]interface vlan10
[Huawei-Vlanif10]dhcp select relay
[Huawei-Vlanif10]dhcp relay server-ip 192.168.100.2
[Huawei-Vlanif10]quit[Huawei]ip route-static 0.0.0.0 0 192.168.200.23.3配置DHCP服务器
(1)给接口配置ip地址
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.100.2 24
[Huawei-GigabitEthernet0/0/0]dhcp select global(2)配置vlan10的地址池
[Huawei]dhcp enable
[Huawei]ip pool vlan10
Info: It's successful to create an IP address pool.
[Huawei-ip-pool-vlan10]network 192.168.10.0
[Huawei-ip-pool-vlan10]gateway-list 192.168.10.1
[Huawei-ip-pool-vlan10]dns-list 192.168.100.3(3)配置默认路由
[Huawei]ip route-static 0.0.0.0 0 192.168.100.13.4配置与DHCP服务器连接的交换机
(1)设置与vlan100设备连接的端口为access
[Huawei]vlan 100
[Huawei-vlan100]quit
[Huawei]port-group group-member e0/0/1 e0/0/3 e0/0/4
[Huawei-port-group]port link-type access
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/3]port link-type access
[Huawei-Ethernet0/0/4]port link-type access
[Huawei-port-group]port default vlan 100
[Huawei-Ethernet0/0/1]port default vlan 100
[Huawei-Ethernet0/0/3]port default vlan 100
[Huawei-Ethernet0/0/4]port default vlan 100(2)设置与三层交换机连接的端口为trunk
[Huawei]interface e0/0/2
[Huawei-Ethernet0/0/2]port link-type trunk
[Huawei-Ethernet0/0/2]port trunk allow-pass vlan all3.5域名服务器的配置
(1)配置域名服务器ip地址等相关参数
(2)打开域名服务并配置域名和网页服务器地址
3.6 配置网页服务器
(1)配置网页服务器IP地址等相关参数
(2)配置网页服务
找到一个有网页的目录(要求里面需要有文件) 点击启动
(3)成功界面
3.6配置vlan8路由器(Telnet客户端)
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.8.254 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.8.13.7配置交换机的Telnet服务
(1)查看用户界面
[Huawei]display user-interface #查看用户界面信息
(2)在与vlan8路由器连接的交换价上配置telnet服务
# 进入VTY(虚拟终端)用户界面视图,配置编号范围为0到4(共5个并发会话)
[Huawei]user-interface vty 0 4# 设置VTY接口的认证模式为AAA(认证、授权、计费)
[Huawei-ui-vty0-4]authentication-mode aaa# 退出VTY用户界面视图
[Huawei-ui-vty0-4]quit# 进入AAA配置视图
[Huawei]aaa# 创建本地用户"huawei",密码为加密后的"123456"
[Huawei-aaa]local-user huawei password cipher 123456
# Info: Add a new user. # 系统提示:已添加新用户# 配置用户"huawei"的服务类型为Telnet
[Huawei-aaa]local-user huawei service-type telnet# 查看设置用户"huawei"权限等级的帮助信息
# INTEGER<0-15> Level value # 权限等级范围为0(最低)到15(最高)
[Huawei-aaa]local-user huawei privilege level ?
[Huawei-aaa]local-user huawei privilege level 15[Huawei]ip route-static 0.0.0.0 0 192.168.8.13.8配置边界路由器
(1)配置边界路由器接口IP地址
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.200.2 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]interface g0/0/01
[Huawei-GigabitEthernet0/0/1]ip address 55.0.0.1 24(2)配置静态路由
[Huawei]ip route-static 0.0.0.0 0 55.0.0.2
[Huawei]ip route-static 192.168.10.0 24 192.168.200.1
[Huawei]ip route-static 192.168.20.0 24 192.168.200.1
[Huawei]ip route-static 192.168.100.0 24 192.168.200.1(2)配置访问控制列表实现10和20网段上公网
[Huawei]acl 2000
[Huawei-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255
[Huawei-acl-basic-2000]rule 20 permit source 192.168.20.0 0.0.0.255
[Huawei-acl-basic-2000]quit(3) 配置NAT
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 查看NAT会话
(4)配置带地址池的NAT
[Huawei]nat address-group 1 55.0.0.5 55.0.0.8
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]undo nat outbound 2000
[Huawei-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 (5)配置静态NAT
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]nat static global 55.0.0.9 inside 192.168.100.4抓包显示
(6)配置静态NAT
[Huawei-GigabitEthernet0/0/1]un nat static global 55.0.0.9 inside 192.168.100.4
[Huawei-GigabitEthernet0/0/1]nat static protocol tcp global 55.0.0.9 80 inside 1
92.168.4.0 80
3.9配置外网路由器
(1)配置外网路由器接口IP地址
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 55.0.0.2 24
[Huawei-GigabitEthernet0/0/0]interface g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 56.0.0.1 243.10外网使用域名访问内网的HTTP
(1)配置域名服务器的IP地址等参数
(2)设置域名并启动域名服务
(4)配置外网客户端
(4)访问测试
